How to deal with suspicious spam calls or texts
In this article
Scams are unfortunately very common and are increasingly getting more sophisticated.
You probably have multiple emails in your spam folder declaring that ‘You’re an instant millionaire’ or that the emailer is of wealthy means but down on their luck, and if you just transfer some money to their off-shore account, they’ll share with you some long lost inheritance. These are easily identifiable scams, but it’s the scams that are disguised as something legitimate (phishing scams) that may be more dangerous and effective. To protect your identity and your finances, it’s important you know how to keep yourself safe from scammers.
What is Phishing?
A phishing scam is a cyber-attack designed to appear as if it’s from a trustworthy source.
Phishing is a method scammers use to trick you into giving them your personal information by getting you to click a link or visit a fake website where you may be asked to enter your login, password, credit card or bank account details.
Phishing emails or scams are disguised to look like genuine services you may want or use, for instance a bank, a supermarket, a payment service, 2degrees or even the National Cyber Security Centre (NCSC). They are unexpected phone calls or emails that often ask you to log into your computer, click a link, or download an attachment. Phishing can take the form of emails, phone calls, social media, texts – especially on messaging services – and pop ups.
‘Phish’ is pronounced just like you say like the word ‘fish’. It refers to the idea of someone baiting up a hook to look like a tasty treat a fish might enjoy, and throwing the hook (the phishing email or call) out there and hoping someone will bite or take the bait.
The bad news is that scammers are getting much, much better at phishing thanks to sophisticated cyber-crime tools. The good news is that being security smart is the best way to ensure scammers do not succeed.
How do I know I’m being scammed or phished?
Scams are usually the deals which sound too good to be true, or serious warnings like an overdue payment or a virus on your computer.
If anyone phones you out of the blue and says they need to fix your modem or computer or install software to get rid of a virus or resolve internet issues, you can be pretty sure that the caller is a scammer. They may offer to help by taking control of your computer or providing ‘remote access technical support’. Do not give access to your computer; do not share your login details – even if the caller sounds like they’re from a reputable company. We can 100% guarantee that Microsoft will not call you and offer ‘technical support’ for your computer.
Sometimes a scam is difficult to identify and may start with a missed call from an unknown international number. One of the known phone scams is called the Wangiri ‘one ring’ scam. This is when scam callers ring – often from an overseas number – then hang up before you can answer. Their goal is to get you to call back so they can pocket a premium calling fee. If you find yourself thinking, ‘Who could be calling me from Chad?’, then you should definitely not answer or return the call. In fact, the best advice is to ignore any calls that you wouldn’t otherwise be expecting from unfamiliar country codes. Do not call the number back unless you get an authentic Voicemail message. Then you know that if they called you from an overseas country, they will have been charged to leave the message. If you receive several of these types of calls, please let us know and do report it.
Remember that scammers can go to great lengths to appear trustworthy. Even if they know your full name, address and date of birth, do not assume they are legitimate.
Ask yourself these four questions to figure out if you’re being scammed:
- Has someone I don’t know contacted me unexpectedly?
- Are they promising me something big for very little investment of my time or money?
- Have they asked me to do something or provide personal information?
- Are they reluctant to let me hang up and call them back on the official number of the organisation?
If you answer yes to all four questions, you are probably being scammed.
If you’d like more help in identifying a scam, the NZ Telecommunications Forum (TCF) offers lots of helpful advice around phone scams and Consumer Protection NZ has some recent examples of scam alerts.
How do I report scam calls, texts and emails or online phishing?
Regardless of whether you’ve experienced or seen an internet, phone or other type of scam, you should report all attempted and successful scams to Netsafe. Netsafe takes reports of all scams — whether they’re on the ‘net or not.
Reporting phishing and scams is worthwhile as it can affect people’s finances and privacy and can impact trust and confidence. Netsafe annually receives reports that add up to tens of millions of dollars lost to scams and fraud. When you report a scam, it helps build New Zealand’s resilience and strengthens our collective security.
Report scam calls
If you’ve received suspicious calls, please report them to our Care Team by calling 200 from your phone, or send us a private message on Facebook. Where we can we’ll investigate the source further, and if they’re using a New Zealand number, may be able to block the scam calls.
It’s helpful if you can provide the time, date and number that called you as well as the nature of the call.
Report phishing or scam texts
Don’t reply to any phishing or scam texts you receive. It’s best not to respond as this indicates to the scammer they have a ‘live’ connection. Some scammers run a premium-rate number which could be costly you.
Report text message scams to the Department of Internal Affairs by forwarding the message free to 7726 (SPAM).
You can also submit a report to Netsafe.
Tips for staying safe from scams
- Be careful where and who you give your personal details to.
- Use different passwords for your various online accounts and consider using two-factor authentication.
- Avoid using risky passwords like your birthday, address, kids’ or pets’ names, and sequential numbers like 1111 or 1234.
- Keep your computer’s anti-virus protection up to date.
- Delete any emails that look suspicious and never click any links that you’re not 100% sure have come from a trusted source.
- Be cautious about unexpected contact – even from those saying they are legitimate organisations like 2degrees. Please note that we will never ask you for your password or login details over the phone. We keep our emails about billing very regular and you can always find information about your latest charges within Your 2degrees account or within the 2degrees App.
- If you can’t tell if a phone call is legitimately from a company you do business with, then hang up immediately and call them back on their official phone number to confirm.
- If you receive one or multiple missed calls from an ‘unknown’ number or a number you don’t recognise, then ignore it and don’t call/text back.
Online Pop-up Scams
We’ve noticed an increase in pop-up scams. This happens when you’re surfing the net and get a message that looks like it’s from 2degrees telling you that, because you’re a customer, you’ve won a prize. Sorry to say, this isn’t true. Please don’t click the link or give any personal details as this is a scam.
The FluBot scam
Flubot is a harmful app currently circulating via text message and affects Android phones. iPhones can also receive the FluBot message but can’t be infected. They’re disguised as something harmless like a notification for a postal parcel, a banking notification or even a warning that your online photos are being shared without your knowledge. Here are some examples of what these messages could look like:
(NOTE: These are only a few examples. The simple rule-of-thumb is to avoid clicking on any link from a sender you don’t recognise.)
Within each of these messages, there will be link that you’ll be asked to click. Once you do, it will ask you to download software onto your phone. Your phone is only infected with the FluBot after you download the software they request. If you think your phone has been targeted by FluBot, here’s what you can do:
- If you’ve just received a text message: Please report the message by forwarding it free-of-cost to 7726. Once you’ve reported the message, you can delete it.
- If you’ve clicked the link in the message:If all you’ve done is click the link, without installing any new software, your phone should still be safe. You should still forward the message to 7726 and delete the message once you’re done.
- If you clicked the link and downloaded the app:At this stage, you’ll need to factory reset your phone. Please note, doing this will delete all apps, photos, emails, messages, and contacts stored on your phone. If you are restoring your phone from a backup, be sure to use a backup taken before you installed the FluBot malware. Before you factory reset your phone, you should still forward the message to 7726 and delete the message once you’re done. You should also:
- Check with your bank for any suspicious activity
- Change all your online passwords
- Report the incident to CERT NZ
NOTE: If your phone has been infected by the FluBot malware, it will start sending spam messages to multiple random people. These messages will not show up in your phone’s messaging app history.